7.0.9.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

CWE-613

NVD

Published: 2020-10-12

Updated: 2020-10-26

Summary

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Curam Social Program Management 7.0.9.0 IBM Curam Social Program Management 7.0.10.0	2

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/189158
https://www.ibm.com/support/pages/node/6346581